Great Woman in Compliance: Building Strategic and Effective Risk Assessments
Innovation in Compliance: Gaurav Kapoor on Risk Management and the Role of AI in GRC
Compliance Tip of the Day: Finance Models for Compliance
Compliance Tip of the Day: Why Engage in Pre-acquisition Due Diligence
Compliance Tip of the Day: Bringing Predictive Analytics into Your Compliance Regime
Compliance into the Weeds: Sanctions Compliance Failures: Lessons from Harman International and Interactive Brokers
Adventures in Compliance: The Novels – The Hound of the Baskervilles, Introduction and Compliance Lessons Learned
Compliance Tip of the Day: Assessing Internal Controls
Compliance Tip of the Day: COSO Objective 5 – Monitoring Activities
Compliance Tip of the Day: COSO Objective 2 - Risk Assessment
FCPA Compliance Report: Fraud Risk Management - Insights and Experiences with Peter Schablik
#Risk New York Speaker Series – Inside Behavioral Insights: Tom Hardin on Compliance at #RiskNYC
Compliance Tip of the Day: COSO Framework
#Risk New York Speaker Series: Exploring AI Risks in Compliance with Gwen Hassan
Healthcare Enterprise Risk Management
Compliance Tip of the Day: Assessing Internal Controls in International Operations
Managing Sanctions Compliance
Regulatory Ramblings: Episode 68 - Why Geopolitical Risk Matters to Compliance and Legal Staff with Mark Nuttal and Chad Olsen
FCPA Compliance Report: Amanda Carty on a Due Diligence and Risk Management
Episode 364 -- Five Strategies to Mitigate a New Risk Environment
Recently, Fitch Ratings issued a discussion paper that outlined a “contemplated framework for the analysis of physical climate risk for [Structured Finance] and [Covered Bonds] for the potential negative implications of...more
Models that have historically been used by insurers to hedge risk were not designed to predict uncertain events such as natural disasters that may be exacerbated by climate change. This now leaves insurers overexposed to...more
In the run-up to this Friday’s December Board meeting, the California Privacy Protection Agency (CPPA or the “Agency”) has continued its recent flurry of regulatory activity. Late last week, the CPPA published an additional...more
In recent years, especially through 2019 and 2020, the cyber insurance market in the U.S. has seen significant growth. Middle-market companies have been actively requesting cyber insurance policies with low rates and broad...more
On July 29, 2022, the New York Department of Financial Services (“NYDFS”) released Draft Amendments to its Part 500 Cybersecurity Rules, which propose substantial new obligations for the cybersecurity programs of companies...more
The Mitchell Williams Insurance Regulatory team of lawyers recently attended the National Association of Insurance Commissioners (NAIC) 2022 Spring National Meeting which was held April 4-8 in Kansas City, Missouri. The...more
In reaction to the continued uptick in high profile data incidents, yesterday, Wisconsin Governor Evers signed into law Act 73, a law establishing cybersecurity requirements for the insurance industry’s protection of data...more
The Illinois Department of Insurance (the "Department") recently released guidance to all regulated entities concerning vulnerabilities in Microsoft's Exchange Server installations. Issued on the heels of other state and...more
The cyber insurance market size is currently valued in the billions, and this does not include insurance policies that do not explicitly mention cyber incidents but may nevertheless cover them. With this in mind,...more
On February 4, 2021, New York’s Department of Financial Services (DFS) issued Insurance Circular Letter No. 2, which builds on the robust cybersecurity regulation provided in its 2017 Cybersecurity Regulation (23 NYCRR 500)....more
The New York Department of Financial Services (NYDFS) has launched its first enforcement action under New York’s Cybersecurity law for financial services, so-called Part 500. Part 500 requires NYDFS licensed institutions to...more
Developing Contingency Plans: The NYDFS Mandate on Licensed Virtual Currency Businesses - The events surrounding COVID-19 have increased the use of fintech products, both out of necessity and convenience. Shelter-in-place...more
The NYDFS has announced that it has extended the deadline for compliance with certain cybersecurity requirements due to the coronavirus emergency. The announcement from the Superintendent of Financial Services of the State...more
Now that the CCPA is in effect, some companies will need to revise their policies. The cyber insurance markets are beginning to adapt to the new California Consumer Privacy Act (CCPA) which went into effect on January 1. ...more
In this month's edition of our Privacy & Cybersecurity Update, we examine the European Parliament's report on whether and how the use of blockchain technology can comply with the General Data Protection Regulation, as well as...more
Recent private equity investments in high-profile deals, such as Bain Capital’s acquisition of esure and Apollo’s acquisition of Aspen Insurance, have brought European insurance sector deal values to record highs. Regulatory...more
The next phase of New York’s cybersecurity rules entered into force on September 4, 2018, requiring Covered Entities, including insurance companies, banks, and other financial services companies regulated by the New York...more
New York’s cybersecurity regulations (“Regulations”) set forth rolling deadlines, with some of the most significant mandates coming into play on September 1, 2018. Issued by the Department of Financial Services (“DFS”), and...more
South Carolina has become the first state to enact cybersecurity legislation for the insurance industry. On May 3, Governor McMaster signed a bill requiring South Carolina insurers to “develop, implement, and maintain a...more
The ramp-up of cybersecurity regulation, albeit in a patchwork fashion through state-level legislation, has begun. On May 18, 2018, South Carolina enacted the Insurance Data Security Act (Act), becoming the first state to...more
• Limited access to autonomous vehicle operations data remains a key barrier to insurance companies’ development of adaptive insurance policies. • Representatives from the insurance industry support federal regulation of...more
South Carolina has become the first state to enact a version of the Insurance Data Security Model Law, which was drafted by the National Association of Insurance Commissioners (NAIC) in 2017. Governor Henry McMaster signed...more
Several of the new requirements of the New York State Department of Financial Services (DFS) Cybersecurity Regulation are now operative for firms and individuals engaged in financial services (including insurance companies...more
Following New York’s lead after the Department of Financial Services (the NYDFS) promulgated its Cybersecurity Regulation, in October 2017 the NAIC adopted its Insurance Data Security Model Law (the NAIC Model) to establish...more
It’s been almost a year since the New York State Department of Financial Services (NYDFS) Cybersecurity Regulation (23 NYCRR Part 500) came into effect. Since that time, a series of key dates have marked the implementation of...more